Method for statistical object identification

ABSTRACT

The present invention provides a mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).

CROSS-REFERENCE TO A RELATED U.S. PATENT APPLICATION & CLAIM FOR PRIORITY

The Present Patent application is a Continuation-in-Part application, and is related to a Parent application U.S. Ser. No. 13/373,586 filed on 18 Nov. 2011. In accordance with the provisions of Sections 119 & 120 of Title 35 of the United States Code of Laws, the Applicant hereby claims the benefit of priority for any and all subject matter that is commonly disclosed in U.S. Ser. No. 13/373,586 and in the Present application.

SEQUENCE LISTING

Not applicable.

FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

None.

FIELD OF THE INVENTION

The present invention pertains to methods for uniquely identifying an original object from a series of statistical objects by receiving and identifying the original object from which the statistical objects were generated.

BACKGROUND OF THE INVENTION

Statistical objects are used where conventional secured communications of an original object cannot be used due to protocol constraints or communications bandwidth limitations. Using a statistical object instead of an original object achieves much greater bandwidth efficiency due to the use of a deterministic statistical representation of the original object.

In this Specification, and in the Claims that follow, the term “statistical object” is a string of values mapped by a random or “hash” function. The output of this function points to a string of values which stands for or represents the input to the function. In FIG. 1, the output string of values is shown as x₁, x₂, x₃ . . . xₙ. In this example, the input of the function is an original object, while the output is a statistical object.

If the string is shorter than the input, a “collision” occurs. A collision results when two or more different inputs produce the same output, and is generally considered detrimental.

To mitigate the effects of collisions, additional inputs are added to the function. These inputs vary over time, enabling different streams of statistical objects to eventually diverge from their colliding tendencies. As an example, a clock may be employed to add a time value as an input. As an alternative, a counter may serve as an input. Multiple additional inputs may be used together in the generation of the statistical object.

In this Specification, and in the Claims that follow, the terms “function,” “random function” and “hash function” are intended to encompass any procedure or mathematical method that converts a large amount of data into a smaller amount of data. In one embodiment of the invention, the output may be a single integer or value which serves as an index to an array or database. According to Wikipedia, the output values of a hash function may be called hash values, hash codes, hash sums, checksums or hashes. The inputs to a hash function may be referred to as keys.

FIG. 2 illustrates a simple example of the operation of a hash function. A set of four inputs or keys are shown as the names Joe, Moe, Sam and Charlie. The hash function F(x) associates a hash or output with each name. The input of Joe causes the hash function to point to output “03”. The input of Moe causes the hash function to point to the output of “01”. The input of Sam causes the hash function to point to the output of “06”. The input of Charlie causes the hash function to point to the output of “03”. Because the Joe and Charlie inputs both return a hash of “03”, this pair of hashes is said to cause a collision.

As noted above, this collision may be avoided by adding a clock or a counter as an additional input to the hash function. So, in an alternative embodiment, if the input of Joe is provided to the hash function at 1:00 p.m., and the input of Charlie is provided to the hash function at 2:00 p.m., the different inputs would lessen the probability that this collision would occur.

One advantage of using statistical objects is that information may be “concentrated” in a relatively smaller number of transmitted bits, which increases the efficiency of communication across a network.

The consequence of using a deterministic statistical representation is that the representation is not guaranteed to identify uniquely the source original object. The deterministic statistical representation, the statistical object, may be generally considered to be the output of a hash or similar function of the original object along with one or more varying deterministic inputs such as a clock or counter. These varying deterministic inputs are necessary so that the cumulative stream of output statistical objects generated from a single original object is unique across a large number of generated statistical objects. Unambiguously identifying a statistical object to a unique original object is essentially an exercise in mitigating the effects of the birthday problem. The birthday problem is the probability that output of the hash of different original objects and their respective deterministic inputs produce identical statistical objects. The generation of a single statistical object by two or more original objects causes a collision.

FIG. 3 supplies a graph that illustrates the birthday problem. The number of individuals in any given group is shown on the x-axis. The y-axis shows an approximate probability, on a scale from zero to one, that two people in the group will share the same birthday. As an example, in a group of twenty-three people, the probability that two persons in this group will have the same birthday is about fifty percent.

The birthday problem may be understood as an example of the hash function depicted in FIG. 2. In the birthday problem, the keys or inputs are the names of the individuals in the group. The hash function maps these inputs to one of the hashes or outputs, which represent the days of the year. If two persons in the group share the same birthday, the hash function points to the same day for two different individuals, and a collision occurs.

Given a uniform distribution, the probability of a collision increases with the number of statistical objects in use. A mechanism to unambiguously identify statistical objects back to their original objects would constitute a major technological advance, and would satisfy long felt needs and aspirations in the cyber security industry.

SUMMARY OF THE INVENTION

A statistical object, the deterministic statistical representation of an original object, may be generally considered to be the output of a hash or similar function coupled with additional inputs of clocks, counters and other varying deterministic inputs. Unambiguously identifying a statistical object to a unique original object is essentially an exercise in mitigating the effects of the birthday problem. The birthday problem is the probability that outputs of the hashes of different original objects and their deterministic inputs produce identical statistical objects. The generation of a single statistical object by two or more original objects causes a collision. Given a uniform distribution, the probability of a collision increases with the number of statistical objects in use. Statistical objects are designed to be used as components of security devices. As a component to security devices, in addition to uniquely identifying a statistical object back to the original object, the overall probability of guessing any valid statistical object must also be considered. The amount of space available to carry a statistical object will vary with the communications mechanism, but the size of an individual statistical object is expected to remain small, generally less than the number of bits required to uniquely identify an original object when large numbers of objects are in use. This requires the aggregation of two or more related statistical objects into a larger aggregate statistical object. Aggregating multiple related statistical objects into a single aggregate statistical object requires that all possible original object resolution matches are tracked and maintained. Multiple statistical objects from the same original object can be associated together by using information associated with the communication and reception of the statistical objects.
This information, called communications characteristics, can include networking information, such as the source address or network session information including source and destination addresses and source and destination port numbers. Communications characteristics can also include physical information such as the physical port upon which the statistical object was received or the logical channel upon which the statistical object was received.

To unambiguously identify the original object from which a statistical object or a stream of statistical objects was generated, the device performing the identity must maintain a table of all valid statistical objects. This table may contain collisions where multiple original objects generate the same statistical object. When a statistical object is received, it is first looked up in the table of all statistical objects to determine if the received statistical object is valid. If the received statistical object is not found in the table, then no further processing occurs with respect to identifying the original object on that reception. When a statistical object is received and is matched in the table of all valid statistical objects, the communications characteristics associated with the reception of the statistical object and the list of all potential original objects are recorded. If the list of potential original objects has exactly a single entry, then the original object is identified and the process moves on to calculating the statistical probability.

When a statistical object is received and is not unambiguously identified, the partially identified statistical object and the list of potential original objects are recorded along with the communications characteristics associated with the reception of the statistical object. When another statistical object with related communications characteristics is received, the list of potential original objects is pruned of original objects that cannot generate the complete set of received statistical objects found in the aggregate statistical object. Once the original object is unambiguously identified, the process moves on to calculating the statistical probability of guessing the information in the aggregate statistical object. If the original object is not unambiguously identified, nothing further is done at this time and the system awaits the reception of another statistical object with related communications characteristics to increase the number of bits of information received and again aggregates this information into the aggregate statistical object and the process repeats itself.

Calculating the probability of guessing the information in the aggregate statistical object requires the number of bits of statistical objects that have been received and aggregated and the number of statistical objects maintained in the table of all valid statistical objects. The specific probability p of a collision is

${p( {n;d} )} = \frac{d!}{{d^{n}( {d - n} )}!}$

where n is the number of statistical objects in the table of valid statistical objects and d is the total number of unique statistical objects available. For general use, the approximation $p(n;d) \approx 1 - e^{-n^{2}/(2 \times d)}$ is used. The total number of unique statistical objects available d is $d = 2^{b}$ where b is the number of bits of statistical object information received.

Once the probability has been calculated, it is compared against the probability threshold. If the calculated probability is less than the probability threshold, then the statistical object has been identified with a confidence that the aggregate information received does not exceed the probability threshold set beforehand. If the probability exceeds the threshold, nothing further is done and the system awaits the reception of another statistical object with related communications characteristics to increase the number of bits of information received and aggregates into the aggregate statistical object and the process repeats itself.
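The receive, match, prune and threshold steps described above can be followed in a short added example, which is not part of the patent text. It assumes a generator built from HMAC-SHA256 keyed by the original object over a clock tick and truncated to 8 bits, uses the birthday approximation 1 − exp(−n²/(2d)) for the guess probability, and runs on constructed original objects and a constructed source address.

```python
import hashlib
import hmac
import math

SO_BITS = 8  # assumption: bits of statistical object carried per message

# Constructed original objects (stand-ins for certificates); not real data.
ORIGINALS = {
    "ben": b"constructed-certificate-ben",
    "joe": b"constructed-certificate-joe",
    "sam": b"constructed-certificate-sam",
}


def statistical_object(original: bytes, tick: int, bits: int = SO_BITS) -> int:
    """Assumed generator: HMAC-SHA256 keyed by the original object over a
    clock tick, truncated to `bits`. The tick makes colliding streams diverge
    and makes a captured value useless at a later tick."""
    mac = hmac.new(original, tick.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") >> (256 - bits)


def guess_probability(n: int, bits_received: int) -> float:
    """Birthday approximation 1 - exp(-n^2 / (2d)) with d = 2^b."""
    d = 2 ** bits_received
    return -math.expm1(-(n * n) / (2 * d))


class Identifier:
    """Receiving side: table of valid objects, aggregation, pruning, threshold."""

    def __init__(self, originals: dict, threshold: float, bits: int = SO_BITS):
        self.originals = originals
        self.threshold = threshold  # receiver-local; the sender never sees it
        self.bits = bits
        self.aggregates = {}        # communications characteristics -> state

    def valid_table(self, tick: int) -> dict:
        """All valid statistical objects for this tick; a collision puts
        several original-object names under the same value."""
        table = {}
        for name, obj in self.originals.items():
            value = statistical_object(obj, tick, self.bits)
            table.setdefault(value, set()).add(name)
        return table

    def receive(self, comm, so: int, tick: int):
        """Process one reception. `tick` is the receiver's own clock value.
        Returns the identified name, or None if more information is needed."""
        matches = self.valid_table(tick).get(so)
        if not matches:
            return None  # not a valid object: no further processing
        agg = self.aggregates.setdefault(
            comm, {"candidates": set(matches), "bits": 0})
        agg["candidates"] &= matches  # prune originals that cannot explain the stream
        agg["bits"] += self.bits
        if not agg["candidates"]:
            del self.aggregates[comm]  # inconsistent stream: discard the aggregate
            return None
        if len(agg["candidates"]) > 1:
            return None  # still ambiguous: wait for the next object
        # n is taken as one valid statistical object per original object.
        p = guess_probability(len(self.originals), agg["bits"])
        return next(iter(agg["candidates"])) if p < self.threshold else None


def identify_stream(ident, comm, sender_obj, first_tick, max_msgs=6):
    """Send one statistical object per tick until the receiver identifies the
    sender. Returns (name, messages_used)."""
    for i in range(max_msgs):
        tick = first_tick + i
        so = statistical_object(sender_obj, tick, ident.bits)
        name = ident.receive(comm, so, tick)
        if name is not None:
            return name, i + 1
    return None, max_msgs


if __name__ == "__main__":
    comm = ("192.0.2.10", 40000)  # constructed source address and port
    for threshold in (1e-3, 1e-6):
        ident = Identifier(ORIGINALS, threshold)
        print(threshold, identify_stream(ident, comm, ORIGINALS["ben"], 1000))
```

With three original objects, 8 received bits give a guess probability of about 0.017, so a single reception can never satisfy a threshold of 1e-3, and lowering the threshold on the receiver alone increases the number of objects the same sender must supply.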

A further optimization can be made by associating communications characteristics across multiple identifications of statistical objects. When a statistical object is identified and does not exceed the probability threshold, thereby confirming that it was generated from the original object, the communications characteristics are temporarily associated with that original object. When a subsequent statistical object with similar or identical communications characteristics is received, the received statistical object is checked against the associated original object. If the associated original object could produce the received statistical object, the statistical object is identified as being produced by the associated original object. When multiple original objects are associated with the same set of communications characteristics, the identification of the statistical object proceeds by aggregating the statistical object information and pruning the list of potential original objects until only a single original object remains. The statistical object is still aggregated in an aggregated statistical object to enable the aggregation of information for the probability calculation. The probability calculation is made using the number of bits of information received in the aggregate statistical object and the number of statistical objects that are associated with the communications characteristics that are associated with the original object. This results in a lesser amount of statistical object information being required to not exceed the probability threshold, because the communications criterion is being used as an additional discriminator. Multiple sets of communications characteristics can be associated with the original object and multiple original objects can be associated with a single set of communications characteristics.
When a statistical object is identified as being produced by an original object, a timestamp or other mechanism for indicating recent activity is updated in the communications characteristics associated with the original object. Upon the lack of communications characteristics associated with original objects after a period of time, the original object association should be removed after such periods of inactivity exceed a threshold. Subsequent statistical object reception with those removed communications characteristics will proceed as unassociated communications until those communications are again associated with an original object.

To ensure that the statistical objects being produced cannot be readily captured, copied and replayed as original, the algorithms used to generate the statistical objects use additional information in addition to the original object as inputs. This additional information may include clocks, counters and other deterministic inputs. During the identification of a statistical object back to an original object, this additional information is also identified and used to further validate the identity of the original object.

The probability threshold has several unique uses. Firstly, the use of a probability threshold enables the system for statistical object identity to be used with varying numbers of statistical objects contained within the table of all valid statistical objects without having the probability of guessing a statistical object increase as statistical objects are added to the valid statistical object table. The system employed here simply requires additional statistical objects, thus increasing the amount of information available to maintain the desired probability. The second unique attribute of using the probability threshold is that the probability threshold can be changed by the entity performing statistical object identification without communication, knowledge or coordination of the change by the entity generating the statistical object. This is especially important in the context of cyber security where knowledge of a threat or attack may raise the level of security desired. This can be used by the entity receiving and performing statistical object identification to decrease the threshold, requiring more statistical information before the original object identity is confirmed. The ability to perform this function without requiring any communication or notification to the entity producing the statistical object is especially useful and novel.

Additional information can also be conveyed using statistical objects. When additional inputs are used in the generation of the statistical object, this information can be extracted during the statistical object identification process. Examples of such additional information include, but are not limited to, information regarding the state of some system or process, an index into a table of information or other types of data.

A BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates the general operation of a hash function.

FIG. 2 shows how the hash function illustrated in FIG. 1 maps a set of inputs to a set of outputs.

FIG. 3 is a graph that illustrates the birthday problem.

FIG. 4 is an illustration which shows an embodiment of the present invention.

FIG. 5 is an illustration which shows an alternate embodiment of the present invention.

FIG. 6 illustrates certificates that are used to authenticate a communication.

FIG. 7 shows certificates stored in a remote system.

FIG. 8 shows that certificates are too large to send to the remote system in their original form.

FIG. 9 depicts a solution: converting the certificates, which are original objects, to cryptographic hashes, or statistical objects.

FIG. 10 shows how statistical objects and a time value from a clock are sent to the remote system.

FIG. 11 illustrates the result of the conversion of three original objects to three statistical objects.

FIG. 12 furnishes a view of Ben's first communication with the remote system.

FIG. 13 depicts the comparison process that occurs within a statistical object matcher.

FIG. 14 illustrates the role of an accumulated statistical object selector.

FIG. 15 illustrates the function of an accumulated statistical object selector.

FIG. 16 illustrates the task of an original object identifier.

FIG. 17 shows that Ben's first communication has failed to be authenticated.

FIG. 18 supplies a schematic view of Ben's second attempt to communicate with the remote system.

FIG. 19 depicts the second communication, and the resulting match that is produced in the statistical object matcher.

FIG. 20 illustrates the process of finding a match.

FIG. 21 shows how the accumulated statistical object selector discards statistical objects that do not lead to an authenticating match.

FIG. 22 furnishes a view of a probability calculator, which computes the probability of a successful guess of accumulated statistical object information.

FIG. 23 reveals the function of a threshold comparator, which compares the calculated probability to a probability threshold value.

FIG. 24 exhibits the final result, the authentication of Ben's second communication.

FIG. 25 is an illustration which shows an embodiment of the present invention, an integrated SOI system.

FIG. 26 is an illustration which shows an alternate embodiment of the present invention, an integrated SOI system.

FIG. 27 is an illustration which shows an alternate embodiment of the present invention, an integrated SOI policy system and integrated SOI services.

FIG. 28 is an illustration which shows an alternate embodiment of the present invention with a simple hierarchy.

FIG. 29 is an illustration which shows an alternate embodiment of the present invention with a more complex hierarchy.

FIG. 30 is an illustration which shows a network client connected to a network.

FIG. 31 is an illustration which shows an embodiment of the present invention, a network SOI client.

FIG. 32 is an illustration which shows an embodiment of the present invention, an SOI insertion device.

FIG. 33 is an illustration which shows a system of SOI devices.

FIG. 34 is an illustration which shows an alternate system of SOI devices.

A DETAILED DESCRIPTION OF PREFERRED & ALTERNATIVE EMBODIMENTS

I. Overview of the Invention

One embodiment of the present invention provides a method for authenticating a communication. In an example contained in Section VI, a communication between a user (Ben) and a remote system is described. Communications received by the remote system must be authenticated before they are allowed. In this Specification, and in the Claims that follow, the terms authenticate and authentication are intended to mean that the identity of a communicator or an initiator of a communication has been verified, and that a particular communication is permitted, allowed or otherwise approved to proceed into the remote system.

One limitation of current information networks is that it is difficult to verify or approve a communication before the communication has been allowed to penetrate a network. One reason for this difficulty is that the means of verification, which is called a “certificate,” is too large to send to the network in the initial set of digital information which initiates the communication, and which ultimately leads to an authentication.

One embodiment of the present invention solves this problem by reducing the information in the certificate which is used to authenticate the communication before it is allowed to proceed by converting the certificate to a much smaller “statistical object.” The method allows the network to determine the identity of the initiator of the communication before the communication is given access to the network. This method provides a security feature that substantially eliminates potentially detrimental and malicious attacks that could be perpetrated on the network using conventional technology.

II. Definition of Terms

Aggregate Statistical Object—A data structure containing one or more statistical objects, a list of potential original objects that may have created the original object(s) and the communications characteristics that provide the association between multiple statistical objects.

Authentication—Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Authenticating Device—A device that verifies the identity of a user, process or device.

Authentication Information—Information provided for the purpose of verifying the identity of a user, process or device.

Communications Characteristics—Any of the characteristics, both physical and logical, that are available to distinguish one communication from another and to group discrete communication events into one or more related sequences of communications events.

Connection—A logical pairing of two devices that enable them to communicate. A connection utilizes a series of packets to accomplish this. A TCP connection is an example of a connection.

Connection Request—A request by one device to another device to create a connection.

Device—A device is any object that is capable of being attached or wirelessly connected to and communicating on a network. Examples of devices include computers, servers, clients, laptops, PDAs, cell phones, smart phones, network appliances, storage systems, virtual appliances, switches, routers, load balancers, caches, intrusion detection systems, VPNs, authentication devices, intrusion prevention systems, and firewalls.

Digital Identity—A digital representation of a set of characteristics by which a user, process or device is uniquely recognized.

Hash or Hashing function—Any procedure or mathematical method that converts a large amount of data into a smaller amount of data. In one embodiment of the invention, the output may be a single integer or value which serves as an index to an array or database.

IP—IP is the Internet Protocol. The Internet Protocol is a data oriented protocol used by devices to communicate across a packet switched network. IP information is carried by an IP header in an IP packet. The IP header contains device address information, protocol control information and user data information.

Network—A network is a collection of computers, servers, clients, routers and devices that are connected together such that they can communicate with each other. The Internet is an example of a network.

Original Object—An original object 12S is a string of bits. It is also an input to the function that generates a statistical object.

Protocol—In the field of telecommunications, a protocol is the set of standard rules for data representation, signaling, authentication, error detection and other features required to send information over a communications channel. Not all protocols provide all of these features. Protocols with different features may be layered on top of one another to provide a more robust feature set. Examples of protocols are the IP protocol and the TCP protocol. These protocols are often used together and referred to as the TCP/IP protocol.

Protocol Entity—A device, function, process or procedure that implements a communications protocol.

Statistical Object—The output of a function that has a statistical distribution. Commonly, a statistical object is the output of a hashing function.

Symmetric Key—A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code.

Symmetric Key Authentication—An authentication algorithm that uses a symmetric key to create a message authentication code and to verify the code.

TCP—TCP is the Transmission Control Protocol. Using TCP, networked devices can create connections to one another, over which they can send data. The TCP protocol guarantees that data sent by one endpoint will be received in the same order by the other, and without any pieces missing. The TCP protocol also distinguishes data for different applications (such as a Web server and an email server) on the same device.

III. Preferred and Alternative Embodiments

FIG. 1 is an illustration which shows one particular embodiment of the present invention, which includes a device 10. A device 10 stores and/or processes at least one original object 12S and at least one statistical object 14S. In another embodiment, the device 10 includes a plurality of original objects 12P and a plurality of statistical objects 14P. In this Specification, and in the Claims that follow, a single original object is identified as 12S (S for singular), while a plurality of original objects is accompanied by 12P (P for plurality). In this Specification, and in the Claims that follow, a single statistical object is identified as 14S (S for singular), while a plurality of statistical objects is accompanied by 14P (P for plurality). The term “device” is intended to encompass any suitable means for conveying and/or storing information or data. In the example described in Section VI, the device 10 is a remote system. In the embodiments described below, device 10 includes all the other components subsequently described in the Specification.

In one embodiment, the device 10 includes a communications receiver 16 which is connected to an external network and to a statistical object matcher 18. The statistical matcher 18 is connected to an accumulated statistical object selector 20, and has access to the plurality of statistical objects 14P stored in the device 10. The accumulated statistical object selector 20 is connected to an original object identifier 26 and has access to a plurality of accumulated statistical objects 14AP. The original object identifier 26 is connected to a probability calculator 30 and has access to the plurality of original objects 12P. The probability calculator 30 is connected to the threshold comparator 32 and has access to the plurality of statistical objects 14P. The probability comparator 32 is connected to the output of the device 10, and has access to a probability threshold value 27.

FIG. 2 is an illustration which shows an alternate embodiment of the present invention. Within a device 10, a plurality of original objects 12P is used to generate a plurality of statistical objects 14P. A communications receiver 16 is located within device 10, and is connected to the output of device 10 and to a statistical matcher 18. The statistical object matcher 18 is connected to an accumulated statistical object selector 20 and an associated original object selector 20 and has access to the plurality of statistical objects 14P. The accumulated statistical object selector 20 is connected to an associated original object identifier 28 and has access to a plurality of accumulated statistical objects 42. The associated original object selector 46 is connected to an associated original object identifier 28 and has access to a plurality of original objects 12P. The associated original object identifier 28 is connected to the probability calculator 30 and has access to the plurality of statistical objects 14P. The probability calculator 30 is connected to the threshold comparator 32 and has access to the plurality of statistical objects 14P. The probability calculator is connected to the external XXX of the device 10, and has access to a threshold probability value 27 and the plurality of original objects 12P.

IV. Methods of Operation for Statistical Object Identification

In a preferred embodiment of the invention, a device 10 contains aplurality of original objects 12P. For each original object 12S, atleast one statistical object 14S is generated. Multiple statisticalobjects 14P may be generated from a single original object 14S and eachstatistical object 14S has a name, pointer or other indication of theoriginal object 12S from which it was created. Since multiplestatistical objects 14P may be created from a single original object12S, multiple pointers or other indicators of additional inputs to thestatistical object generator may also be provided. These additionalinputs may include clock information, keying information, stateinformation, and other relevant and useful information. The plurality ofstatistical objects 14P generated from the plurality of original objects12P is maintained and is available within the device 10. The pluralityof statistical objects 14P may be individually or as a group,periodically removed, added to, invalidated or otherwise refreshed.Likewise, the plurality of original objects 12P may be individually oras a group removed, added to, invalidated or otherwise refreshed.

When a first statistical object 14F is received by a communicationsreceiver 16, it is received within the context of a communication andhas communications characteristics 22 associated with it. Thesecommunications characteristics 22 may include the network address of thesender of the communication, the physical interface or port upon whichthe communication was received, the logical interface upon which thecommunication was received. For network communications, thecommunications characteristics 22 may include the IPv4 or IPv6 addressof the sender, session information including local and remote addressesand local and remote port numbers, VLAN identifiers and other network,protocol stack and application information. Communicationscharacteristics 22 may also include security association information.Physical characteristics of the communications characteristics 22 mayinclude the frequency or frequencies at which the communication wasreceived. Physical characteristics of communications characteristics 22may also include phase information, time information and amplitudeinformation.

After a first statistical object 14F has been received, using a statistical matcher 18, the first statistical object 14F is compared against the plurality of statistical objects 14P. If a matching statistical object 14M is not found, the first statistical object 14F is not identified and no further statistical object resolution activity occurs on this reception of a statistical object. If there is at least one statistical object 14S in the plurality of statistical objects 14P that matches the first statistical object 14F, then the first statistical object 14F, all matching statistical objects 14M and indicators of their respective original objects 12P and the communications characteristics 22 are passed to an accumulated statistical object selector 20. The accumulated statistical object selector 20 takes the input communications characteristics 22 and looks for an accumulated statistical object 14A within the plurality of accumulated statistical objects 14AP that has matching communication characteristics 22. If a matching accumulated statistical object 14MA is found, the first statistical object 14F and the list of all original objects 12P associated with the matched statistical objects 14M are added to the matched accumulated statistical object 14MA. This increases the amount of statistical object information. If a matching accumulated statistical object 14MA is not found, a new accumulated statistical object 14NA is created and added to the plurality of accumulated statistical objects 14AP. The communications characteristics of the accumulated statistical object are copied from the communications characteristics 22, and the first statistical object 14F and the list of all original objects 12P associated with the matched statistical objects 14M are added to the accumulated statistical object 14A. In both cases, the resulting accumulated statistical object 14A is passed to the original object identifier 26.

If an accumulated statistical object 14A is inactive for a period of time, the accumulated statistical object 14A may be removed from the plurality of accumulated statistical objects 14AP. An accumulated statistical object 14A may be considered inactive if it has not unambiguously selected a unique original object 12S and first statistical objects 14FP with matching communications characteristics 22 have not been received for a period of time. An accumulated statistical object 14A may also be considered inactive if it has selected a unique original object 12S, but the accumulated statistical object exceeds the probability threshold value 27 and first statistical objects with matching communications characteristics 22 have not been received for a period of time.

The original object identifier 26 takes the given accumulated statistical object 14A and determines if the accumulated statistical information within the accumulated statistical object could only be generated by a single, unique original object 12S. This determination is made by successively pruning associated original objects that, as additional statistical object information is added, fail to be able to generate the stream of statistical objects that matches the received statistical objects until only a single original object remains. If a unique original object 12S is not determined, the accumulated statistical object 14A is updated with the pruned list of associated original objects 12P, and no further statistical object resolution activity occurs on this reception of a statistical object. If a unique original object 12S is determined, the selected original object 12SEL is indicated in the accumulated statistical object 14A and the accumulated statistical object 14A is sent to a probability calculator 30. The probability calculator 30 takes the given accumulated statistical object 22 and, based on the number of bits of statistical object information that has been accumulated in the accumulated statistical object 22 and the number of statistical objects in the plurality of statistical objects 14P, calculates the probability of guessing the accumulated statistical object information. The calculated probability 36 is sent to the threshold comparator 32. The threshold comparator 32 takes the given calculated probability 36 and compares that value with the threshold value 28. The threshold value may be taken from an original object 12S, may be a configurable value for the plurality of original objects 12P within device 10, or may be controlled by an outside entity. The threshold value may be associated with the device 10. If the threshold comparator 32 determines that the calculated probability 36 exceeds the probability threshold value 27, no further statistical object resolution activity occurs on this reception of a statistical object 14S. If the threshold comparator 32 determines that the calculated probability 36 is less than the probability threshold value 27, an indication 34 is produced that includes the selected original object 26SEL. The indication 30 may also include the communications characteristics 22 and any other available information required by the receiver of the indication 34. The indication may also contain additional inputs to the statistical object generator, which may be provided by a pointer from a statistical object 14S. These additional inputs may include clock information, keying information, state information, and other relevant and useful information.

By utilizing a probability threshold value 27, a threshold comparator 32 and calculating, in real time, the present probability of guessing an accumulated statistical object 22 based on the number of statistical objects present in the plurality of statistical objects 14P, the probability of guessing an accumulated statistical object is held constant while the number of statistical objects present in the plurality of statistical objects 14P can vary. Likewise, the probability of guessing a first statistical object 14F is also held constant. It must also be noted that the probability threshold value 27 can be changed at any time. The change in probability threshold value 27 does not require the communication or coordination with the generator of the first statistical object 18. Because of this, the probability threshold value 27 can be adjusted, and the system for statistical object identification will not provide any response until the threshold value has been met. This effectively allows the statistical object identification system to silently increase or decrease the probability threshold value 27 without providing any detectable indication of the change in the probability threshold value 27.

In an alternate embodiment of the invention, a device 10 contains a plurality of original objects 12P. For each original object 12S, at least one statistical object 14 is generated. Multiple statistical objects 14 may be generated from a single original object 6 and each statistical object 14 contains a name, pointer or other indication of the original object 16 from which it was created. The plurality of statistical objects 14P generated from the plurality of original objects 14P is maintained and is available within the device 10. The plurality of statistical objects 14P may be individually or as a group periodically removed, added to, invalidated or otherwise refreshed. Likewise, the plurality of original objects 12P may be individually or as a group removed, added to, invalidated or otherwise refreshed.

When a first statistical object 14S is received by a communications receiver 16, it is received within the context of a communication and has communications characteristics 22 associated with it. After a first statistical object 18 has been received, using a statistical matcher 18, the first statistical object 18 is compared against the plurality of statistical objects 14P. If a matching statistical object 14 is not found, the first statistical object 18 is not identified and no further statistical object resolution activity occurs on this reception of a statistical object. If there is at least one statistical object 14S in the plurality of statistical objects 14P that matches the first statistical object 14F, all matching statistical objects 14P and indicators of their respective original objects 12P and the communications characteristics 22 are passed to an accumulated statistical object selector 20. The communications characteristics 22 are also passed to an associated original object selector 24.

The accumulated statistical object selector 20 takes the input communications characteristics 22 and looks for an accumulated statistical object 14A within the plurality of accumulated statistical objects 14AP that has matching communication characteristics 22. If a matching accumulated statistical object 14A is found, the first statistical object 14F and the list of all original objects 12P associated with the matched statistical objects 14M are added to the matched accumulated statistical object 14MA. This increases the amount of statistical object information. If a matching accumulated statistical object 14MA is not found, a new accumulated statistical object 14NA is created and added to the plurality of accumulated statistical objects 14PA. The communications characteristics 22 of the accumulated statistical object 14A are copied from the communications characteristics 22, and the first statistical object 14F and the list of all original objects 12P associated with the matched statistical objects 14M are added to the accumulated statistical object 14A. In both cases, the resulting accumulated statistical object 14A is passed to the original object identifier 26.

The associated original object selector 24 takes the input communications characteristics 22 and looks for an original object 12S within the plurality of original objects 12P that has matching communications characteristics. If a matching original object 12M is found, that original object is selected, becoming a selected original object 12S, and is passed to the associated original object identifier 26. If there is no matching original object 12M, then nothing is passed to the associated original object identifier 28. If an original object 16 is inactive for a period of time, the association with communications characteristics 22 may be removed from the original object 16. An original object 16 may be considered inactive if first statistical objects 18 with matching communications characteristics 22 have not been received for a period of time. An original object 16 may also be considered inactive if first statistical objects 18 produced by the associated original object 16 have not been received for a period of time.

The associated original object identifier 28 takes the given accumulated statistical object 22 and the selected original object 26 and determines if the accumulated statistical information within the accumulated statistical object 22 could have been produced by the selected original object 26. If the information contained within the accumulated statistical object 14A could have been generated by the selected original object 12SEL, the selected original object 12SEL is indicated in the accumulated statistical object 22 and the accumulated statistical object 22 is sent to the probability calculator 30. If the information contained within the accumulated statistical object 22 could not have been produced by the selected original object 12SEL, the selected original object 12SEL is discarded and the following processing occurs.

The associated original object identifier 28 takes the given accumulated statistical object 22 and determines if the accumulated statistical information within the accumulated statistical object could only be generated by a single, unique original object 12S. This determination is made by successively pruning associated original objects that, as additional statistical object information is added, fail to be able to generate the stream of statistical objects that matches the received statistical objects until only a single original object remains. If a unique original object 12S is not determined, the accumulated statistical object 14A is updated with the pruned list of associated original objects 12P and no further statistical object resolution activity occurs on this reception of a statistical object. If a unique original object 12S is determined, the selected original object 12SEL is indicated in the accumulated statistical object 14A and the accumulated statistical object 14A is sent to the probability calculator 30. The probability calculator 30 takes the given accumulated statistical object 14A and, based on the number of bits of statistical object information that has been accumulated in the accumulated statistical object 14A and the number of statistical objects 14 in the plurality of statistical objects 12P that have matching communications characteristics 22, calculates the probability of guessing the accumulated statistical object information. The calculated probability 36 is sent to the threshold comparator 32. The threshold comparator 32 takes the given calculated probability 36 and compares that value with the probability threshold value 27. The threshold value may be taken from an original object 12S, may be a configurable value for the plurality of original objects 12P within device 10 or may be controlled by an outside entity. If the threshold comparator 32 determines that the calculated probability 36 is greater than the probability threshold value 27, no further statistical object resolution activity occurs on this reception of a statistical object. If the threshold comparator 32 determines that the calculated probability 36 is less than the probability threshold value 27, an indication 30 is produced that includes the selected original object 12SEL and an association is made within the plurality of original objects 12P between the selected original object 12SEL and the communications characteristics 22. The indication 30 may also include the communications characteristics 22 and any other available information required by the receiver of the indication 30. The association between an original object 12S and communications characteristics 22 can also be created prior to receiving a first statistical object 14F. This allows the system to be pre-populated with associations that should accelerate the selection of original objects and make staying beneath the probability threshold value 27 easier.

In addition to the preferred and alternate embodiments described above, there are a number of additional processes that assist the process. As the primary mechanism for accumulating information between related statistical objects is driven by the reception of those statistical objects, it is therefore necessary to consider how to handle a partially identified statistical object which is then orphaned. An orphaned partially identified statistical object is an aggregate statistical object that has not been fully identified or has exceeded the probability threshold when the reception of matching communications characteristics ceases, thereby preventing further progress. For this case, each accumulated statistical object 14A should have a timestamp or similar aging construct that will enable the system to periodically age out idle, orphaned and otherwise unused objects. This includes the removal of communication characteristics 22 that have been associated with original objects 12P after matching communications have been idle for a period of time.

As the communication of statistical objects is usually performed when the secured transport of an original object cannot be accomplished, it is therefore important that security and integrity be taken into account in any implementation. To ensure that a statistical object cannot be intercepted during transmission and used by the interceptor, once a statistical object 14S is matched from the plurality of statistical objects 14P, that statistical object 14S should be invalidated and the device 10 should generate a new, different statistical object 14S from the same original object 12S. To further protect against attack, each statistical object 14S should also expire after a period of time if that statistical object 14S has not been matched and invalidated.

The association of communications characteristics 22 is usually performed after the successful identification of an original object 12S and after the calculated probability 36 is determined to be less than the probability threshold value 27. It is also possible to pre-assign communications characteristics 22 to original objects 12P. This will decrease the amount of statistical object information necessary to identify the associated original object. Unlike dynamically associated communication characteristics, pre-assigned associations should not expire after periods of inactivity.

This method of statistical object identity allows the system to maintain a constant probability threshold, regardless of the number of statistical objects that are contained within the plurality of statistical objects. This is accomplished by always calculating the probability of guessing the information contained in the accumulated statistical object with respect to both the number of statistical objects that are contained within the plurality of statistical objects and the accumulated statistical object information. As the number of statistical objects in the plurality of statistical objects increases, the probability of guessing increases; as the amount of statistical object information accumulates, the probability of guessing decreases. By comparing the result of the probability calculation against the probability threshold after each reception of a statistical object that results in an identified original object, adherence to the probability threshold is enforced.

This method of statistical object identity is designed to specifically enable the changing of the probability threshold and not require that the changed probability threshold be coordinated or otherwise communicated with the entities that are generating and sending the statistical objects. By not requiring any coordination or communication when changing the probability threshold, the device can change the probability threshold in response to other external factors such as the threat or presence of attack or other security or integrity event.

V. Apparatus for Statistical Object Identification

The apparatus that performs statistical object identification is varied and diverse. It ranges from a simple, single function device that receives statistical objects via a network or other communications medium, and identifies the original object. Once the identification is made, the communication may be forwarded to its intended destination. Before identification is made, no communications are allowed to pass across the device. It is expected that in many cases, the apparatus will be a module or subsystem within a larger system. This module may take the form of a state machine in an application specific integrated circuit (ASIC) or other form of integrated circuit or semiconductor implementation. This module may also take the form of logic coding provided to a programmable logic device such as a field programmable gate array (FPGA), programmable array logic (PAL) and other forms of programmable logic. This module may also take the form of instructions for a microprocessor. This module may also take the form of instructions to a synthetic or virtual processor or machine.

The apparatus that performs statistical object identification may be used in communications devices, security devices, network routing devices, application routing devices, service delivery devices and other devices that are enabled by the addition of the efficient communication of an original object through the reception of a statistical object which is identified as being generated from an original object.

VI. Examples

One specific, simplified example of the present invention is disclosed in this Section of the Specification. The following example offers a description of

1. an original object 12S;
2. how that original object 12S is transformed into a statistical object 14S; and
3. how that statistical object 14S is identified as having been generated by the original object 12S.

The numbering convention that is used in this Specification, the Drawings, and the Claims to identify original and statistical objects is presented in Table One:

TABLE ONE

| Reference | Meaning |
|---|---|
| 10 | Device (In this example, the Remote System) |
| 12M | Matched Original Object |
| 12P | Plurality of Original Objects |
| 12S | Original Object |
| 12SEL | Selected Original Object |
| 14A | Accumulated Statistical Object |
| 14AP | Plurality of Accumulated Statistical Objects |
| 14F | First Statistical Object |
| 14NA | New Accumulated Statistical Object |
| 14S | Statistical Object |

The letter “S” is used to signify a single object, while the letter “P” is used to signify a plurality. The reference character that refers to an original object always includes the numeral “12”, while the numeral “14” is always used to refer to a statistical object.

For these examples, we will consider that an original object 12S is an X.509 certificate. An X.509 certificate is used to provide identity, and is digitally signed to prove its authenticity. For this example, the X.509 certificates are 1 KB in size (1024 bytes, 8192 bits). We need to communicate that we are using a specific X.509 certificate to a remote system that has a copy of each X.509 certificate that is expected to be used. Unfortunately, the system was designed before there was a requirement to communicate the X.509 certificates, and there is only enough space to communicate 32 bits worth of information, certainly not enough to send an entire X.509 certificate which is 256 times larger. But still needing to communicate the X.509 certificate, a cryptographic hash, 32 bits in length, is generated for each X.509 certificate and a common clock. The cryptographic hash is a statistical object 14S generated from an original object 12S. Now let us assume that we have 100 of these X.509 certificates, that is 100 original objects 12S. And let us assume that for each original object 12S, we generate a cryptographic hash of each X.509 certificate and a common clock to produce 100 statistical objects 14S each 32 bits in length. For descriptive purposes, three of these X.509 certificates and their corresponding statistical objects will be described. X.509 certificate #1 identifies Sally, and generates a statistical object 14S of value 22443. X.509 certificate #2 identifies Ben, and generates a statistical object 14S of value 32415. X.509 certificate #3 identifies Greg, and also generates a statistical object 14S of value 32415. The device 10 has generated the plurality of statistical objects 14P corresponding to the plurality of original objects 12P.

Now Ben needs to send a communication containing Ben's statistical object to device 10. Device 10 receives Ben's communication using a communications receiver 16. Although we, the narrator, know that it was Ben that sent the communication to device 10, device 10 does not know this. Ben's communication includes Ben's statistical object (first statistical object 14F) and communications characteristics 22. In this case, the communications occurred over a TCP/IP network and the IP source and destination addresses and the TCP source and destination port numbers are used as communications characteristics 22. The source IP address is 1.1.1.2 and the destination IP address is 1.1.1.3. The source TCP port number is 2000 and the destination TCP port number is 3000. The communications receiver 16 sends the received communications characteristics 22 and Ben's statistical object 14F to the statistical object matcher 18. The statistical object matcher 18 compares Ben's statistical object 14F with the plurality of statistical objects 14P, and determines that it matches two statistical objects, Ben's and Greg's. The statistical object matcher 18 sends Ben's statistical object 14F, the two matched statistical objects 14M (Ben's and Greg's) and the communications characteristics 22 to the accumulated statistical object selector 20. The accumulated statistical object selector 20 compares Ben's communications characteristics 22 with the plurality of accumulated statistical objects 14AP and finds no matches. Because no matches were found, the accumulated statistical object selector 20 creates a new accumulated statistical object 14A including Ben's statistical object 14F, the two matched statistical objects 14M and the communications characteristics 22. The new accumulated statistical object 14A is added to the plurality of accumulated statistical objects 14AP. The accumulated statistical object information is set to 32 bits to reflect the information contained in statistical object 14F. The accumulated statistical object 14AP is passed to the original object identifier 26. The original object identifier 26 determines that the accumulated statistical object 14AP does not unambiguously identify a single original object 12S. This concludes the operation of the device 10 for the reception of Ben's statistical object. The device 10 does not respond to Ben's communication because it cannot unambiguously determine who sent the communication.

Now Ben, who sent the original communication, did not receive a response, so he sends another communication. Since time has passed since the first communication attempt, the clock value used to generate the statistical objects has changed. The new statistical objects and their corresponding X.509 certificates are: X.509 certificate #1 identifies Sally and generates a statistical object 14S of value 84256. X.509 certificate #2 identifies Ben and also generates a statistical object 14S of value 84256. X.509 certificate #3 identifies Greg and generates a statistical object 14S of value 10845. Due to time passing, device 10 regenerates the plurality of statistical objects 14P corresponding to the plurality of original objects 12P which match Sally, Ben and Greg.

Now Ben sends a second communication containing Ben's current statistical object to device 10. Device 10 receives Ben's communication using a communications receiver 16. Ben's communication includes Ben's statistical object 14F and communications characteristics 22. Again, the communications characteristic 22 is source IP address of 1.1.1.2, destination IP address of 1.1.1.3, source TCP port number of 2000 and destination TCP port number of 3000. The communications receiver 16 sends the received communications characteristics 22 and Ben's statistical object 14F to the statistical object matcher 18. The statistical object matcher 18 compares Ben's statistical object 14F with the plurality of statistical objects 14P and determines that it matches two statistical objects, Ben's and Sally's. The statistical object matcher 18 sends Ben's statistical object 14F, the two matched statistical objects 14M (Ben's and Sally's) and the communications characteristics 22 to the accumulated statistical object selector 20. The accumulated statistical object selector 20 compares Ben's communications characteristics 22 with the plurality of accumulated statistical objects 14AP, and finds a match with Ben's previous communication. The matched accumulated statistical object 14A includes the previous matched statistical object 14M containing Ben's and Greg's statistical objects and is compared against the two matched statistical objects 14M matching Ben's statistical object 14F containing Ben's and Sally's statistical objects. The intersection of both matched statistical sets is Ben. Greg and Sally are removed from the accumulated statistical object 14A. The accumulated statistical object information increases from 32 bits to 64 bits with the addition of statistical object 14F. The accumulated statistical object 14A is passed to the original object identifier 26. The original object identifier 26 takes the given accumulated statistical object 14A and determines if the accumulated statistical information within the accumulated statistical object could only be generated by a single, unique original object 12S. Original object 12S is Ben's X.509 certificate. Original object 12S is now indicated as selected original object 12SEL, and is passed to the probability calculator 30. The probability calculator 30 takes the given accumulated statistical object 14A, and, based on the number of bits of statistical object information that has been accumulated in the accumulated statistical object 14A and the number of statistical objects in the plurality of statistical objects 14P, calculates the probability of guessing the accumulated statistical object information.

In this example, we have 100 statistical objects and have received 64 bits of statistical object information (32 bits×2). The probability of guessing is calculated by using the formula:

$$p(n; d) \approx 1 - e^{-n^{2}/(2 \times d)}$$

where n is the number of statistical objects in the table of valid statistical objects;

d is the total number of unique statistical objects available; and

d is $d = 2^{b}$, where b is the number of bits of statistical object information received.

Therefore, $d = 2^{64}$ and $n = 100$, resulting in:

$$p(100; 2^{64}) \approx 1 - e^{-100^{2}/(2 \times 2^{64})}, \qquad p(100; 2^{64}) \approx 0.$$

In this case, with only a few original objects (100) and a relatively large amount of accumulated statistical object information, the probability of guessing those 64 bits of accumulated statistical object information is vanishingly small, approaching zero. This calculated probability 36 and the accumulated statistical object 22 are passed to the threshold comparator 32. The threshold comparator 32 takes the calculated probability 36 and compares it with the probability threshold value 27. In our example, the probability threshold value 27 is 1 in a million. The threshold comparator 32 determines that our calculated probability 27 of zero is less than the probability threshold value of 1 in a million. Having not exceeded our probability threshold value 27, the threshold comparator 32 makes an indication 30 that includes the selected original object 12SEL Ben. This indication 30 communicates to other functions within the device 10 that the communication was sent by Ben and has not exceeded the probability threshold value 27, and that the device 10 should now respond to Ben's communication.

In a second example, we continue with the first example but change thenumber of original objects 12S from 100 to 100,000,000 (one hundredmillion). The calculated probability 36 of guessing the accumulatedstatistical object 14A with 64 bits of information is 2.674%, greaterthan the probability threshold value of 1 in a million. Since this isgreater than the threshold, this concludes the operation of the device10 for the reception of Ben's statistical object. The device 10 does notrespond to Ben's communication because it has exceeded the probabilitythreshold value 27. Now Ben, who sent the original communications againdid not receive a response, so he sends another communication. Device 10receives Ben's communication using a communications receiver 16. Ben'scommunication includes Ben's statistical object 14F and communicationscharacteristics 22. Again, the communications characteristic 22 issource IP address of 1.1.1.2, destination IP address of 1.1.1.3, sourceTCP port number of 2000 and destination TCP port number of 3000. Thecommunications receiver 16 sends the received communicationscharacteristics 22 and Ben's statistical object 14F to the statisticalobject matcher 18. The statistical object matcher 18 compares Ben'sstatistical object 14F with the plurality of statistical objects 14P anddetermines that there it matches only a single statistical object,Ben's. The statistical object matcher 18 sends Ben's statistical object14F, the matched statistical object 14M (Ben's) and the communicationscharacteristics 22 to the accumulated statistical object selector 20.The accumulated statistical object selector 20 compares Ben'scommunications characteristics 22 with the plurality of accumulatedstatistical objects 14AP, and finds a match with Ben's previouscommunication. 
The matched accumulated statistical object 14A includesthe previous matched statistical object 14M containing only Ben and iscompared against the matched statistical object 14M matching Ben'sstatistical object 14F containing Ben. The intersection of both matchedstatistical sets is Ben. The accumulated statistical object informationincreases from 64 bits to 96 bits with the addition of statisticalobject 14F. The accumulated statistical object 14A is passed to theoriginal object identifier 26. The original object identifier 26 takesthe given accumulated statistical object 14A and determines if theaccumulated statistical information within the accumulated statisticalobject could only be generated by a single, unique original object 12S.Original object 12S is Ben's X.509 certificate. Original object 12S isnow indicated as selected original object 12SEL, and is passed to theprobability calculator 30. The probability calculator 30 takes the givenaccumulated statistical object 22, and, based on the number of bits ofstatistical object information that has been accumulated in theaccumulated statistical object 22 and the number of statistical objectsin the plurality of statistical objects 14P, calculates the probabilityof guessing the accumulated statistical object information. In a secondexample, we continue with the first example but change the number oforiginal objects 12S from 100 to 100,000,000 (one hundred million). Thecalculated probability 36 of guessing the accumulated statistical object14A with 96 bits of information is again vanishingly small, approachingzero. This calculated probability 36 and the accumulated statisticalobject 22 are passed to the threshold comparator 32. The thresholdcomparator 32 takes the calculated probability 36 and compares it withthe probability threshold value 27. The threshold comparator 32determines that our calculated probability 27 of 0 is less than theprobability threshold value of 1 in a million. 
Having not exceeded our probability threshold value 27, the threshold comparator 32 makes an indication 30 that includes the selected original object 12SEL Ben. This indication 30 communicates to other functions within the device 10 that the communication was sent by Ben and has not exceeded the probability threshold value 27 and that the device 10 should now respond to Ben's communication.

In a third example, we continue with the second example and add an association of the selected original object 12SEL (Ben) and the communications characteristics 22. This allows for the optimization of subsequent communication requests from Ben.

Continuing with the third example, Ben makes another communication to device 10, during which an association exists within device 10 between Ben's original object and the communications characteristics 22 of Ben's previous communication. Device 10 receives Ben's communication using a communications receiver 16. Ben's communication includes Ben's statistical object (first statistical object 14F) and communications characteristics 22. This time, the communications characteristics 22 are a source IP address of 1.1.1.2, a destination IP address of 1.1.1.3, a source TCP port number of 5000 and a destination TCP port number of 7000. The source IP address is the same source IP address that was used in the prior, accepted communications. The statistical object matcher 18 compares Ben's statistical object 14F with the plurality of statistical objects 14P, and determines that it matches two statistical objects, Ben's and Greg's. The statistical object matcher 18 sends Ben's statistical object 14F, the two matched statistical objects 14M (Ben's and Greg's) and the communications characteristics 22 to the accumulated statistical object selector 20 and sends the communications characteristics 22 to the associated original object selector 24. The accumulated statistical object selector 20 compares Ben's communications characteristics 22 with the plurality of accumulated statistical objects 14AP and finds no matches. Because no matches were found, the accumulated statistical object selector 20 creates a new accumulated statistical object 14A including Ben's statistical object 14F, the two matched statistical objects 14M and the communications characteristics 22. The new accumulated statistical object 14A is added to the plurality of accumulated statistical objects 14AP. The accumulated statistical object information is set to 32 bits to reflect the information contained in statistical object 14F.
The accumulated statistical object selector 20 sends the accumulated statistical object 14A to the associated original object identifier 28.

The associated original object selector 24 receives the communications characteristics 22 and compares them with the communications characteristics 22 associated with the plurality of original objects 12P. Because an association exists between Ben's original object and Ben's communications characteristics 22, the associated original object selector 24 selects Ben's original object, indicated as 12SEL, and passes the selected original object 12SEL to the associated original object identifier 28.

The associated original object identifier 28 takes the accumulated statistical object 14A and the selected original object 12SEL (Ben) and ensures that the accumulated statistical object 14A could have been generated from the selected original object 12SEL. Upon determining that the accumulated statistical object 14A was producible by the selected original object 12SEL, the intersection of the original objects 14 is calculated using the original objects associated with the matched statistical objects 14M (Ben and Greg) and the selected original object 12SEL (Ben), resulting in Ben. This intersection is indicated in the accumulated statistical object 14A. Since there is exactly one original object now contained in the accumulated statistical object 14A, the accumulated statistical object 14A is sent to the probability calculator 30.

The probability calculator 30 takes the given accumulated statistical object 14A, and, based on the number of bits of statistical object information that has been accumulated in the accumulated statistical object 14A and the number of statistical objects in the plurality of statistical objects 14P, calculates the probability of guessing the accumulated statistical object information.

In this example, we have 100,000,000 statistical objects and have received 32 bits of statistical object information, but we have only a single statistical object that is associated with Ben's communications characteristics 22. Therefore, instead of using 100,000,000 as the number of statistical objects, the number of statistical objects is 1, resulting in a calculated probability 36 of p=½³². This calculated probability 36 and the accumulated statistical object 22 are passed to the threshold comparator 32. The threshold comparator 32 takes the calculated probability 36 and compares it with the probability threshold value 27. The threshold comparator 32 determines that our calculated probability 27 of p=½³² is less than the probability threshold value of 1 in a million. Having not exceeded our probability threshold value 27, the threshold comparator 32 makes an indication 30 that includes the selected original object 12SEL Ben. This indication 30 communicates to other functions within the device 10 that the communication was sent by Ben and has exceeded the probability threshold value 27 and that the device 10 should now respond to Ben's communication. It should be noted that in this third example, because we are using the communications characteristics 22 associated with the original object 12, we can arrive at a selected original object 12SEL and not exceed the probability threshold value 27 while receiving fewer bits of information from the received statistical object 14F.

VII. Objects, Binding, Metadata and Communications

The present invention describes original objects 12S and statistical objects 14S. In its simplest form, an original object 12S is a string of bits. For example, the string “Hello, my name is John” is an original object 12S. An original object 12S could be signed by a third party to ensure its authenticity. When an original object 12S is signed, a digital signature is bound to the original object 12S. The resulting signed original object 12S is itself another original object 12S. A digital signature is generated by a trusted third party and is bound to the original object 12S with metadata. This metadata usually is related to or derived from the original object 12S, but may also be unrelated to the original object, such as geographic, biometric, physical, logical, temporal, dimensional and virtual data. An original object 12S may also be associated with a cryptographic key or set of keys. An original object associated with a set of cryptographic keys is called a keyed original object. A keyed original object is itself an original object 12S. The present invention can use any of these original object forms.

A statistical object or an original object can be communicated through a wide variety of mechanisms. When statistical or original objects are communicated, the easiest way is to have the communications mechanism designed to support the required information requirements of the original or statistical objects. When a communications system is being retrofitted to communicate original or statistical objects, there are several approaches that can be used. In a preferred embodiment, an original or statistical object can replace other information in the original message. Generally, this approach only works when the original or statistical object fits within an unused field or a field that can be regenerated to make up for the information lost during the replacement. An example of this is Transport Access Control (TAC). When this approach is not feasible, there are other methods that can be used, including tunneling, packet encapsulation and establishing a secondary communications channel. In tunneling, a network session is created. The messages are communicated within this tunnel. Original or statistical objects can be communicated during session establishment or during tunnel operation. An example of this is IPsec in tunnel mode. Packet encapsulation wraps each message with another encapsulating message. Original or statistical objects can be communicated in the encapsulating message. Examples of encapsulation include VLAN tagging and MPLS tagging. If neither of these mechanisms is suitable, a parallel communications channel can be created and the original or statistical objects can be communicated by the parallel channel. An example of a parallel channel is Internet Key Exchange (IKE), where an original object is communicated by the IKE protocol and the resulting security association is used by the IPsec protocol.

VIII. System Architecture

FIG. 25 is an illustration which shows one particular embodiment of the present invention, which includes an integrated SOI system 51. The integrated SOI system 51 receives messages through two network interfaces 67. In this embodiment, one of the network interfaces 67 is connected to a network 64 and the other network interface 67 is connected to a network resource 62. All traffic that is communicated between the network interfaces 67 must traverse the SOI policy service 40. The SOI policy service 40 is aided by an SOI resolution service 46. The SOI resolution service 46 is internally aided by a bootstrap keying service 44, a clock 47 and an object activation service 50. The SOI policy service 40 also has access to a dynamic blacklist table 56 and a policy table 59. Alternate embodiments of an integrated SOI system 51 may choose not to include a bootstrap keying service 44, or an object activation service 50.

FIG. 26 is an illustration which shows an alternate embodiment of the present invention, which includes an integrated SOI system 51. In this alternate embodiment, the SOI policy service 40 is also aided directly by an object activation service 50.

FIG. 27 is an illustration which shows an alternate embodiment of the present invention, a system of an integrated SOI policy system 53 and integrated SOI services 55. The integrated SOI policy system 53 receives messages through two network interfaces 67. In this embodiment, one of the network interfaces 67 is connected to a network 64 and the other network interface 67 is connected to a network resource 62. All traffic that is communicated between the network interfaces 67 must traverse the SOI policy service 40. The SOI policy service 40 is aided locally by an SOI resolution service 46, which is in turn aided by a local clock 47. The SOI policy service 40 is also aided by integrated SOI services 55. The integrated SOI services 55 is composed of a bootstrap keying service 44, an SOI resolution service 46, a clock 47 and an object activation service 50. The SOI policy service 40 also has access to a dynamic blacklist table 56 and a policy table 59. Alternate embodiments of integrated SOI services 55 may choose not to include a bootstrap keying service 44, or an object activation service 50.

FIG. 28 is an illustration which shows an alternate embodiment of the present invention, a system of multiple instances of an integrated SOI policy system 53 and a single instance of integrated SOI services 55.

FIG. 29 is an illustration which shows an alternate embodiment of the present invention, a system of multiple instances of an integrated SOI policy system 53 and multiple instances of integrated SOI services 55. In this embodiment, the top level instance of integrated SOI services 55 does not include a bootstrap keying service 44, or an object activation service 50. The top level instance of integrated SOI services 55 includes an SOI resolution service 46 and a clock 47.

FIG. 31 is an illustration which shows one particular embodiment of the present invention, which includes an SOI network client 69. The SOI network client 69 receives messages through a network interface 67 and from a computer application 65. All traffic that is communicated between the computer application 65 and the network interfaces 67 must traverse the SOI insertion policy service 42. The SOI insertion policy service 42 is aided by a bootstrap keying agent 45, a clock 47 and an object activation agent 48. Alternate embodiments of an SOI network client 69 may choose not to include a bootstrap keying agent 45, or an object activation agent 48.

FIG. 32 is an illustration which shows an alternate embodiment of the present invention; a system of a network client 66 and an SOI insertion device 70. The SOI insertion device 70 receives messages from two network interfaces 67. In this embodiment, one of the network interfaces 67 is connected to a network 64 and the other network interface 67 is connected to a network client 66. All traffic that is communicated between the network interfaces 67 must traverse the SOI insertion policy service 42. The SOI policy insertion service 42 is aided by a bootstrap keying agent 45, an SOI resolution service 46, a clock 47 and an object activation agent 48. The SOI policy insertion service 42 also has access to an insertion object table 57. Alternate embodiments of an SOI network client 69 may choose not to include a bootstrap keying agent 45, an SOI resolution service 46 or an object activation agent 48.

FIG. 33 is an illustration of an embodiment of an SOI system. An SOI network client 69 is connected to a network 64. Other SOI network clients 69 are connected through an SOI insertion device 70. A series of network clients 66 are connected to SOI insertion devices 70. The networks 64 are connected to a series of integrated SOI systems 51 and integrated SOI policy systems 53. The integrated SOI systems 51 and the integrated SOI policy systems are connected to a series of integrated SOI policy services 55.

FIG. 34 is an illustration of an alternate embodiment of an SOI system.

IX. System Operation

The SOI systems presented here operate on the principle that original objects 12S are known to both an SOI network client 69 or an SOI insertion device 70 and an integrated SOI policy service 40 or an SOI resolution service 46. All other information, including the source address of an SOI network client 69 or a network client 66, the state of synchronization of a clock 47 within an SOI network client 69 or an SOI insertion device 70 and knowledge of secure, shared keying material, is presumed to be unknown. Furthermore, it is expected that all services contained within integrated SOI systems 51, integrated SOI policy systems 53 and integrated SOI service 55 are protected against discovery, attack and compromise and thus require a secure, measured approach to obtaining this unknown information, which is required for proper SOI operation. Operating an SOI system has up to three phases for each original object. These three phases of operation are bootstrap keying, object activation and statistical object identification.

The objective of the first phase of operation, bootstrap keying, is to provide a set of statistical objects 14S to an SOI network client 69 or an SOI insertion device 70 to enable the authenticated accessing of the object activation service 50. During the bootstrap keying phase, a bootstrap keying agent 45 communicates with a bootstrap keying service 44. During this communication, the bootstrap keying agent 45 sends an original object 12S to the bootstrap keying service 44. The bootstrap keying service 44 responds by sending a set of statistical objects 14S to the bootstrap keying agent 45 to use in the object activation phase. The communication between the bootstrap keying agent 45 and the bootstrap keying service 44 must be secure and private, so that an eavesdropper cannot obtain the statistical objects 14S. In a preferred embodiment, the Internet Engineering Task Force (IETF) protocol Internet Key Exchange version 2 (IKEv2) is used to provide bootstrap keying.

Once bootstrap keying has been completed, operation moves to the second phase, object activation. The objective of the object activation phase is to provide an SOI network client 69 or an SOI insertion device 70 with the necessary information to generate statistical objects 14S from original object 12S such that the statistical objects 14S will be resolved by an integrated SOI system 51 or an SOI resolution service 46. During the object activation phase, an object activation agent 48 communicates with an object activation service 50. During this communication, the object activation agent 48 sends one or more original objects 12S, metadata associated with the original objects 12S and the time from a clock 47 local to the SOI network client 69 or SOI insertion device 70 to the object activation service 50.

The object activation service 50 responds by sending a set of keying information 61 and expiration criterion 63 to the object activation agent 48. The keying information 61 provided to the object activation agent 48 includes a clock offset. This is used to provide synchronization between the clock 47 that is local to the SOI network client 69 or SOI insertion device 70 and the clock 47 that is local to the integrated SOI system 51 or the SOI resolution service 46. This is necessary because many clocks in networking and computing devices lack the ability to maintain high degrees of accuracy over long periods of time. In the present invention, the clocks are synchronized during the object activation phase and must only remain in synchronization until the provided expiration criterion is met. In a preferred embodiment, the expiration criterion should be met before the clocks lose synchronization due to clock drift. The synchronized clock is used as an input to the hashing algorithm that is used to generate statistical object 14S.

The keying information 61 provided to the object activation agent 48 also includes a session key. This session key is used as an input to the hashing algorithm that is used to generate statistical objects 14S. The use of session keys eliminates the need to securely store keys. When an SOI network client 69 or an SOI insertion device 70 is powered off, or if the link connecting to the network 64 fails, then the session key is lost and the SOI network client 69 or SOI insertion device 70 must perform object activation again to obtain a new session key.

The keying information 61 provided to the object activation agent 48 also includes an asynchronous clock reset value. This asynchronous clock reset value is used as an input to the hashing algorithm that is used to generate statistical objects 14S. The use of an asynchronous clock reset value eliminates the need for a high frequency clock. Higher frequency clocks can be more difficult to synchronize. Using an asynchronous clock with a reset value enables statistical objects 14S to be generated at a rate greater than the clock frequency while still maintaining unique statistical objects 14S. On each tick of the synchronized clock 47, the asynchronous clock is set to the asynchronous clock reset value. Whenever a statistical object is generated, the synchronous clock is incremented. In this way, the combination of the synchronized clock and the asynchronous clock will always result in a unique value.
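The following added example (not code from the patent) shows how the three pieces of keying information described above, the clock offset, the session key and the asynchronous clock reset value, can feed one hash so that several distinct statistical objects are produced within a single clock tick and still resolve on the service side. HMAC-SHA-256 truncated to 32 bits, the class and function names, the skew and burst windows, and the assumption that the per-object increment applies to the asynchronous clock are all choices made for this illustration.

```python
import hashlib
import hmac
import struct

OBJECT_BYTES = 4  # 32-bit statistical objects, the size used in the page's examples


def derive(session_key: bytes, original_object: bytes, tick: int, async_value: int) -> int:
    """Hash the original object with the session key and both clock values.

    HMAC-SHA-256 truncated to 32 bits is an assumption made for this example.
    """
    message = struct.pack(">QI", tick, async_value) + original_object
    digest = hmac.new(session_key, message, hashlib.sha256).digest()
    return int.from_bytes(digest[:OBJECT_BYTES], "big")


class Generator:
    """Client side (SOI insertion policy service) after object activation."""

    def __init__(self, original_object, session_key, clock_offset, async_reset, tick_seconds=1):
        self.original_object = original_object
        self.session_key = session_key
        self.clock_offset = clock_offset  # from the keying information
        self.async_reset = async_reset    # from the keying information
        self.tick_seconds = tick_seconds
        self._last_tick = None
        self._async = async_reset

    def next_object(self, local_time: float) -> int:
        tick = int(local_time + self.clock_offset) // self.tick_seconds
        if tick != self._last_tick:
            # New tick of the synchronized clock: reset the asynchronous clock.
            self._last_tick = tick
            self._async = self.async_reset
        value = derive(self.session_key, self.original_object, tick, self._async)
        self._async += 1  # one increment per object keeps the hash inputs unique
        return value


class Resolver:
    """Service side: recomputes candidates for every activated original object."""

    def __init__(self, tick_seconds=1, skew_ticks=1, burst=8):
        self.tick_seconds = tick_seconds
        self.skew_ticks = skew_ticks  # tolerated residual clock drift, in ticks
        self.burst = burst            # objects accepted per tick and original object
        self.activated = {}

    def activate(self, name, original_object, session_key, async_reset, expires_at):
        self.activated[name] = (original_object, session_key, async_reset, expires_at)

    def resolve(self, value: int, now: float) -> set:
        """Return the names of all original objects that could have produced value."""
        tick = int(now) // self.tick_seconds
        matches = set()
        for name, (obj, key, reset, expires_at) in self.activated.items():
            if now >= expires_at:
                continue  # expiration criterion met: keying information is stale
            for t in range(tick - self.skew_ticks, tick + self.skew_ticks + 1):
                for a in range(reset, reset + self.burst):
                    if derive(key, obj, t, a) == value:
                        matches.add(name)
        return matches


# Constructed sample values, not taken from the page.
DEMO_OBJECT = b"CN=Ben (stand-in for Ben's X.509 certificate)"
DEMO_KEY = bytes(range(32))
DEMO_RESET = 1000
DEMO_OFFSET = 37  # the client clock runs 37 s behind the service clock


def build_demo():
    generator = Generator(DEMO_OBJECT, DEMO_KEY, DEMO_OFFSET, DEMO_RESET)
    resolver = Resolver()
    resolver.activate("Ben", DEMO_OBJECT, DEMO_KEY, DEMO_RESET, expires_at=1037.0 + 3600)
    resolver.activate("Greg", b"CN=Greg", bytes(range(32, 64)), 5, expires_at=1037.0 + 3600)
    return generator, resolver


if __name__ == "__main__":
    gen, res = build_demo()
    for _ in range(3):  # three objects generated inside one clock tick
        obj = gen.next_object(local_time=1000.0)
        print(f"{obj:08x}", res.resolve(obj, now=1037.0))
```

Because a 32-bit object can match more than one activated original object, `resolve` returns a set; narrowing that set across several received objects is the job of the accumulation steps in the worked examples above.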

When the object activation agent 48 communicates original objects 12S to the object activation service 50, the object activation agent 48 may also communicate metadata associated with the original object 12S. This metadata may be geophysical information, biometric information, application metadata or any other metadata that an object activation service 50 may use in its activation process. The object activation service 50 may be presented with more than one original object 12S from the object activation agent 48. The keying information 61 associated with the original object 12S is provided at the discretion of the object activation service 50. The object activation service 50 may provide keying information 61 for only a subset of the original objects 12S or the object activation service 50 may not provide keying information 61 for any of the original objects 12S. The object activation service 50 may have policies or rules that govern what original objects 12S or original objects 12S and their associated metadata will be given keying information 61. These policies or rules can be as simple as “IF the original object is Ben THEN provide keying information” or they can be more complex such as “IF the original object is Ben and the associated metadata indicates that Ben is in California THEN provide keying information” or “IF the original object is Ben and the associated metadata indicates that the requesting application is Email THEN provide keying information”. A single original object 12S with multiple metadata associations may be given multiple sets of keying information 61 corresponding to the different metadata associations.

The communication between the object activation agent 48 and the object activation service 50 must be secure and private, so that an eavesdropper cannot obtain the keying information 61. In a preferred embodiment, the communication is secured by using Transport Access Control, which uses a statistical object 14S to establish a TCP session between the object activation agent 48 and the object activation service 50. Once the TCP session has been established, a TLS session is established to provide privacy for the information. In a preferred embodiment, the original object 12S provided during TLS session establishment should be the same original object that was provided during the bootstrap keying phase.

Once object activation has been completed, operation moves to the third phase, statistical object identification. At this point, an SOI network client 69 or an SOI insertion device 70 has the information necessary to generate statistical objects 14S and an integrated SOI system 51 or an SOI resolution service 46 has the same information, enabling them to resolve received statistical objects 14S generated by an SOI network client 69 or an SOI insertion device 70 to the original objects 12S.

An SOI system has two primary components, an SOI insertion policy service 42 and an SOI policy service 40. Both of these services can reside in a single device. The SOI insertion policy service 42 is responsible for generating statistical objects 14S from an original object 12S and inserting the statistical object 14S into a message 68. The SOI policy service 40 is responsible for receiving the message 68, extracting the statistical object 14S and, using a local SOI resolution service 46, performing statistical object identification to determine the original object 12S.

The SOI resolution service 46 operates as device 10. When a statistical object 14S is successfully resolved to an original object 12S and the probability threshold value 27 has been met, the original object 12S is communicated to the SOI policy service 40, where the original object 12S is used as a key to locate policy information 60 in a policy table 59. The policy information 60 describes what to do with the message 68. Common policies include forwarding the message 68 to its intended destination, discarding the message 68, or rewriting the message 68 or its corresponding communications characteristics 22. In a preferred embodiment, when the SOI resolution service 46 cannot find a matching statistical object 14M that matches the statistical object 14S associated with the message 68, then the original object 12S associated with the message 68 is a special original object called “the unknown object”. The unknown object is communicated to the SOI policy service 40, where it is used as a key to locate policy information 60 in a policy table 59. The policy information 60 describes what to do with the message 68.

In an alternate preferred embodiment, when the SOI resolution service 46 cannot find a matching statistical object 14M that matches the statistical object 14S associated with the message 68, the SOI resolution service 46 sends the message 68 and the associated statistical object 14S to a second SOI resolution service 49. The entire message 68 is sent so that the SOI resolution service 46 can operate statelessly with respect to the message 68. The second SOI resolution service 49 operates as device 10. The second SOI resolution service 49 receives the message 68 and the associated statistical object 14S and performs statistical object identification. When a statistical object 14S is successfully resolved to an original object 12S and the probability threshold value 27 has been met, the original object 12S, the associated message 68, keying information 61, policy information 60 and expiration criterion are all communicated to the SOI resolution service 46. The SOI resolution service 46 receives the information and generates statistical objects 14S until the expiration criterion 63 is met. The original object 12S, the message 68 and policy information 60 are communicated to the SOI policy service 40, where the policy information 60 is placed in the policy table 59. The message 68 is processed in accordance with the policy information 60. Subsequent messages 68 with statistical objects 14S generated from the same original object 12S will be processed solely by the SOI resolution service 46 until the expiration criterion 63 is met, and this process does not require the assistance of the second SOI resolution service 49. In this way, a local instance of an SOI resolution service 46 can learn original objects 12S and their associated keying information 61, their associated policy information 60 and their expiration criterion 63. This process can also be extended with additional levels of SOI resolution services 46.

The SOI system is vulnerable to brute force attacks unless defenses are made to detect and mitigate them. A brute force attack on SOI is when an attacker generates a large number of statistical objects 14S in an attempt to guess a valid statistical object. In the present invention, a statistical object can only be tested for validity by presenting it to an SOI resolution service 46. Although the statistical objects 14S are generated with a timing component that enables them to be automatically expired, multiple attempts to guess a valid statistical object 14S can still be made, with sophisticated attackers generating hundreds of thousands or millions of attempts per second. To combat this, in a preferred embodiment, the SOI resolution service 46 maintains a count of failed statistical object resolutions and the communications characteristics 22 associated with each failed resolution. When the number of failed resolutions exceeds a threshold, then an entry containing the communications characteristics 22 is made in a dynamic blacklisting table 56. The dynamic blacklisting table 56 is used by the SOI policy service 40 and is queried first. If the communications characteristics 22 associated with a received message 68 match an entry in the dynamic blacklisting table 56, then the message is discarded before any additional work is performed. Each entry in the dynamic blacklisting table 56 has an expiration criterion 63. When the expiration criterion is met, then the entry is removed from the dynamic blacklisting table 56. The expiration criterion 63 should ensure that all statistical objects 14S in the plurality of statistical objects 14P have aged out before the expiration criterion 63 is met. New entries to the dynamic blacklisting table 56 should be communicated to all integrated SOI system 51 and integrated SOI policy system 53 entities.
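The defensive flow described above, together with the policy table and “unknown object” lookup from the preceding paragraphs, can be sketched as follows. This is an added example, not code from the patent: keying the table on the source IP address alone, the threshold and lifetime values, the dictionary standing in for the SOI resolution service, and all names are assumptions made for the illustration.

```python
UNKNOWN_OBJECT = "the unknown object"


class DynamicBlacklist:
    """Counts failed resolutions per key and lists keys that exceed a threshold."""

    def __init__(self, threshold: int, entry_ttl: float, object_lifetime: float):
        # An entry must outlive every statistical object that was valid while the
        # guessing took place, otherwise a lucky guess could be replayed on expiry.
        if entry_ttl < object_lifetime:
            raise ValueError("entry_ttl must be at least the statistical object lifetime")
        self.threshold = threshold
        self.entry_ttl = entry_ttl
        self.failed = {}   # key -> number of failed resolutions
        self.entries = {}  # key -> time at which the entry expires

    def is_listed(self, key, now: float) -> bool:
        expires_at = self.entries.get(key)
        if expires_at is None:
            return False
        if now >= expires_at:
            del self.entries[key]  # expiration criterion met: remove the entry
            return False
        return True

    def record_failure(self, key, now: float) -> bool:
        """Count one failed resolution; return True if the key was just listed."""
        self.failed[key] = self.failed.get(key, 0) + 1
        if self.failed[key] > self.threshold:
            self.entries[key] = now + self.entry_ttl
            del self.failed[key]
            return True
        return False


class PolicyService:
    """Queries the blacklist first, then resolves and applies the policy table."""

    def __init__(self, resolve, policy_table, blacklist):
        self.resolve = resolve            # stand-in for the SOI resolution service
        self.policy_table = policy_table  # original object -> policy information
        self.blacklist = blacklist
        self.resolutions = 0              # how often resolution work was performed

    def handle(self, message: dict, now: float) -> str:
        key = message["src_ip"]  # assumption: list on the source address only
        if self.blacklist.is_listed(key, now):
            return "discard (blacklisted)"  # dropped before any additional work
        self.resolutions += 1
        original = self.resolve(message["statistical_object"])
        if original is None:
            self.blacklist.record_failure(key, now)
            original = UNKNOWN_OBJECT
        return self.policy_table[original]


def run_demo():
    """Replay constructed traffic: six guesses from one source, then Ben."""
    valid = {0x5EED1234: "Ben"}  # constructed statistical object for Ben
    service = PolicyService(
        resolve=valid.get,
        policy_table={"Ben": "forward", UNKNOWN_OBJECT: "discard"},
        blacklist=DynamicBlacklist(threshold=3, entry_ttl=60.0, object_lifetime=30.0),
    )
    log = []
    for i in range(6):  # guesses 0..5 from a documentation-range address
        guess = {"src_ip": "203.0.113.9", "statistical_object": i}
        log.append(service.handle(guess, now=float(i)))
    ben = {"src_ip": "1.1.1.2", "statistical_object": 0x5EED1234}
    log.append(service.handle(ben, now=6.0))
    late = {"src_ip": "203.0.113.9", "statistical_object": 99}
    log.append(service.handle(late, now=70.0))  # after the entry has expired
    return log, service.resolutions


if __name__ == "__main__":
    decisions, work = run_demo()
    for decision in decisions:
        print(decision)
    print("resolutions performed:", work)
```

The fourth failed guess exceeds the threshold of three, so the fifth and sixth messages from that source are discarded without reaching the resolver, while Ben's message from another address is still forwarded.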

An SOI insertion policy service 42 is used by an SOI network client 69 and an SOI insertion device 70. In an SOI network client 69, the SOI policy insertion service 42 operates on the same device as the computer application 65. An SOI network client 69 generally presents a single original object 12S during object activation, but may present multiple associated metadata relationships, which may result in multiple sets of keying information 61. The SOI policy insertion service 42 in an SOI network client 69 only performs object activation and statistical object identification for itself and does not generate statistical objects on behalf of network clients 66. In an SOI insertion device 70, the policy insertion service 42 operates on a separate device, logical or physical, from the computer application 65. The SOI policy insertion service 42 in an SOI insertion device 70 performs object activation and SOI on behalf of other network clients 66.

The object activation agent 45 of an SOI network client 69 may communicate metadata in addition to communicating an original object 12S to the object activation service 50. In response, the object activation service 50 communicates sets of keying information 61 and expiration criterion 63 to the object activation agent 45. Subsequently, when the computer application 65 in an SOI network client 69 attempts to communicate with a network resource 62 by sending a message 68, the SOI insertion policy service 42 intercepts the message 68, generates a statistical object 14S based on the keying information 61 provided to the object activation agent 45 and inserts the statistical object 14S into the message 68. The message 68 is then forwarded to the network resource 62. If the object activation agent 45 sent metadata to the object activation service 50, the SOI insertion policy service 42 must select the appropriate keying information 61 when generating the statistical object 14S. For example, if the object activation agent 45 uses a certificate showing the Identity of “Ben” as the original object 12S and also sends a list of application signatures as metadata components associated with the original object 12S to the object activation service 50 as follows:

Index  Application  Signature
1      email        application signature 1
2      safari       application signature 2
3      facebook     application signature 3

The object activation service 50 may return a set of keying information 61, with each element of the set being associated with a different metadata component as follows:

Index  Keying Information
1      keying information 1
2      keying information 2
3      no keying information

With this keying information 61, and the computer application 65 being “safari”, when a message 68 is received by the SOI policy insertion service 42, the SOI policy insertion service 42 will determine that the computer application 65 that sent the message 68 was “safari” and will then generate a statistical object 14S based on the keying information 61 “keying information 2”. This enables an integrated SOI system 51 or an integrated SOI policy system 53 to determine that the message 68 was sent by “Ben” using the application “safari”.

When an SOI insertion device 70 is used in place of an SOI network client 69, the SOI insertion device 70 must be able to associate communications characteristics 22 with an original object 12S before being able to generate a statistical object 14S. When a network client 66 sends a message 68 to a network resource 62, it is received by an SOI insertion device 70. The communications characteristics 22 associated with the received message 68 are compared to entries in an insertion object table 57 by the SOI policy insertion service 42. If a matching entry is found, the corresponding keying information 61 is used by the SOI policy insertion service 42 to generate a statistical object 14S and the statistical object 14S is inserted into the message 68, which is forwarded to the network resource 62. The provisioning of entries of communications characteristics 22 and associated keying information 61 in the insertion object table 57 can be accomplished manually or statically or can be automated and self learning. In a preferred embodiment, when a message 68 with associated communications characteristics 22 is received by an SOI policy insertion service 42 and the communications characteristics 22 do not match any entries in the insertion object table 57, the SOI policy insertion service 42 can query an external service, using the communications characteristics 22 as the query key. The external service may return an original object 12S associated with the communications characteristics 22. For example, for networks using IEEE 802.1x port authentication, the source MAC address may be used as the query key and the external service would return the authenticated identity associated with the source MAC address.
Once theSOI policy insertion service 42 has received an original object 12S fromthe external service, an object activation agent 48 will communicate theoriginal object 12S to an object activation service 50, which may returnkeying information 61 and expiration criterion 63 back to the objectactivation agent 48. This information is added to the insertion objecttable 57. Periodically, the insertion object table 57 must be checked todetermine if any of the expiration criterion 63 has been satisfied andif so, the entry corresponding to the satisfied expiration criterion isremoved from the insertion object table 57.
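As an added illustration (not code from the patent), the following Python example models the insertion object table 57 lifecycle described above: match on communications characteristics 22, fall back to an external lookup and object activation on a miss, and purge entries whose expiration criterion 63 is satisfied. The callback names, the time-based expiry, the sample MAC addresses, and the truncated HMAC over a 30-second window used as the statistical object generator are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Entry:
    original_object: str        # 12S, e.g. the identity bound to a source MAC
    keying_information: bytes   # 61, returned by the object activation service
    expires_at: float           # 63, modelled here as an absolute time (assumption)

class InsertionObjectTable:
    """Insertion object table (57), keyed by communications characteristics (22)."""

    def __init__(self, external_lookup, activate, clock):
        self.entries = {}
        self.external_lookup = external_lookup  # hypothetical: characteristics -> object or None
        self.activate = activate                # hypothetical: (object, now) -> (keying info, expiry)
        self.clock = clock

    def purge_expired(self):
        """Periodic check: drop entries whose expiration criterion is satisfied."""
        now = self.clock()
        expired = [k for k, e in self.entries.items() if e.expires_at <= now]
        for k in expired:
            del self.entries[k]
        return expired

    def statistical_object_for(self, characteristics):
        """Return a statistical object for a message, or None if nothing matches."""
        self.purge_expired()
        entry = self.entries.get(characteristics)
        if entry is None:
            original = self.external_lookup(characteristics)
            if original is None:
                return None  # no identity known for this sender: nothing to insert
            key, expires_at = self.activate(original, self.clock())
            entry = self.entries[characteristics] = Entry(original, key, expires_at)
        # Assumed generator: truncated HMAC over the object and a 30 s time window.
        data = f"{entry.original_object}|{int(self.clock() // 30)}".encode()
        return hmac.new(entry.keying_information, data, hashlib.sha256).digest()[:4]

def demo():
    """Constructed sample: one MAC known to the external service, 60 s lifetime."""
    now = [1000.0]
    identities = {"aa:bb:cc:dd:ee:01": "Ben"}
    table = InsertionObjectTable(
        identities.get, lambda obj, t: (b"keying information 2", t + 60), lambda: now[0])
    first = table.statistical_object_for("aa:bb:cc:dd:ee:01")
    unknown = table.statistical_object_for("aa:bb:cc:dd:ee:99")
    now[0] += 61
    return first, unknown, table.purge_expired()
```

Because expired entries are purged before every lookup, a sender whose entry has lapsed is re-resolved through the external service and re-activated rather than continuing to use stale keying information.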

CONCLUSION

Although the present invention has been described in detail with reference to one or more preferred embodiments, persons possessing ordinary skill in the art to which this invention pertains will appreciate that various modifications and enhancements may be made without departing from the spirit and scope of the claims that follow. The various alternatives for providing an efficient means for statistical object identity that have been disclosed above are intended to educate the reader about preferred embodiments of the invention, and are not intended to constrain the limits of the invention or the scope of Claims. The List of Reference Characters which follows is intended to provide the reader with a convenient means of identifying elements of the invention in the Specification and Drawings. This list is not intended to delineate or narrow the scope of the Claims.

LIST OF REFERENCE CHARACTERS

-   10 Device (Remote System)
-   12M Matched Original Object
-   12P Plurality of Original Objects
-   12S Original Object
-   12SEL Selected Original Object
-   14A Accumulated Statistical Object
-   14AP Plurality of Accumulated Statistical Objects
-   14F First Statistical Object
-   14M Matching Statistical Object
-   14MA Matching Accumulated Statistical Object
-   14MP Plurality of Matching Statistical Objects
-   14NA New Accumulated Statistical Object
-   14P Plurality of Statistical Objects
-   14S Statistical Object
-   16 Communications Receiver
-   18 Statistical Object Matcher
-   20 Accumulated Statistical Object Selector
-   22 Communications Characteristics
-   24 Associated Original Object Selector
-   26 Original Object Identifier
-   27 Probability Threshold Value
-   28 Associated Original Object Identifier
-   30 Probability Calculator
-   32 Threshold Comparator
-   34 Indication
-   36 Calculated Probability
-   (All components from 12M to 36 are included in device 10).
-   40 SOI Policy Service
-   42 SOI Insertion Policy Service
-   44 Bootstrap Keying Service
-   45 Bootstrap Keying Agent
-   46 SOI Resolution Service
-   47 Clock
-   48 Object Activation Agent
-   49 Second SOI Resolution Service
-   50 Object Activation Service
-   51 Integrated SOI System
-   52 Identity Management System
-   53 Integrated SOI Policy System
-   55 Integrated SOI Services
-   56 Dynamic Blacklisting Table
-   57 Insertion Object Table
-   59 Policy Table
-   60 Policy Information
-   61 Keying information
-   62 Network Resource
-   63 Expiration Criterion
-   64 Computer Network
-   65 Computer Application
-   66 Network Client
-   67 Network Interface
-   68 Message
-   69 SOI Network Client
-   70 SOI Insertion Device

What is claimed is:
 1. A method comprising the steps of: an object activation agent (48) having access to a clock (47) and having at least one original object (12S); said object activation agent (48) communicating said original object (12S) and time from said clock (47) to an object activation service (50); and said object activation service (50) providing and communicating keying information (61) and expiration criterion (63) for at least one of said original objects (12S) to said object activation agent (48).
 2. A method as recited in claim 1, where said original object (12S) is obtained from an external service.
 3. A method as recited in claim 1, where said object activation service (50) determines if network address translation was performed between said object activation agent (48) and said object activation service (50).
 4. A method as recited in claim 3, where said object activation service (50) communicates said determination of network address translation to said object activation agent (48).
 5. A method as recited in claim 1, further comprising the additional steps of: providing an SOI policy service (40), an SOI Insertion Policy service (42) and a network resource (66); said object activation agent (48) communicating said keying information (61), and expiration criterion (63) for each of the said original objects (12S) to said SOI insertion service (40); said network client (66) sending a message (68) to said network resource (62); said message (68) being communicated through said SOI insertion service (42); said SOI insertion service (42) selecting one of said original objects (12S) and generating a statistical object (14S) using said keying information (61) associated with said selected original object (12S); said SOI insertion service (42) inserting said statistical object (14S) into said message (68) and forwarding said message (68) to said network resource (62);
 6. A method as recited in claim 1, further comprising the additional steps of: said object activation agent (48) communicating said keying information (61), and said expiration criterion (63) for each of said original objects (12S) to an SOI identification service (40); said SOI Policy service (40) generating a plurality of statistical objects (14S) using said keying information (61) for each of the said original objects (12S).
 7. A method as recited in claim 6, further comprising the additional steps of: said SOI Policy service (40) ceasing generation of statistical objects (14S) after said expiration criterion (63) has been met;
 8. A method as recited as claim 6 in which: said expiration criterion (63) is expressed as a function of time;
 9. A method as recited in claim 7 in which: said expiration criterion (63) is expressed as a function of statistical objects (14S);
 10. A method as recited in claim 7 in which: said expiration criterion (63) is expressed as a function of messages (68);
 11. A method as recited in claim 1, further comprising the additional steps of: said object activation agent (48) communicating said keying information (61), and said expiration criterion (61) for each of said original objects (12S) to an SOI resolution service (46); said SOI resolution service (46) generating a plurality of statistical objects (14S) using said keying information (61) for each of the said original objects (12S).
 12. A method as recited in claim 11, further comprising the additional steps of: said identity fault resolution service (46) ceasing generation of statistical objects (14S) after said expiration criterion (63) has been met;
 13. A method as recited as claim 11 in which: said expiration criterion (63) is expressed as a function of time;
 14. A method as recited in claim 11 in which: said expiration criterion (63) is expressed as a function of statistical objects (14S);
 15. A method as recited in claim 11 in which: said expiration criterion (63) is expressed as a function of messages (68);
 16. A method comprising the steps of: An SOI Policy service (40) receiving a statistical object (14S) associated with a message (68) using statistical object identification, determining that said received statistical object (14S) is not present in a plurality of statistical object (14S); and sending said statistical object (14S) and said associated message (68) to an SOI resolution service (46);
 17. A method as recited in claim 16, further comprising the additional steps of: accumulating a statistic of failed statistical object resolutions on a per source address basis; determining that said count of failed statistical object resolutions exceeds a threshold; and discarding messages received from said source address until an expiration criterion is met;
 18. A method as recited in claim 16, further comprising the additional steps of: accumulating a statistic of failed statistical object resolutions on a per source address basis; determining that said count of failed statistical object resolutions exceeds a threshold; and adjusting the probability threshold for messages received from said source address until an expiration criterion is met;
 19. A method comprising the steps of: An SOI resolution service (46) receiving an original object (12S), keying information (61), expiration criterion (63), a message (68) and policy information (60) from a second SOI resolution service (49); and said SOI resolution service (46) generating statistical objects (14S) from said original objects (12S) until said expiration criterion (63) is satisfied;
 20. A method as recited in claim 19, further comprising the additional steps of: said SOI resolution service (46) associating a source IP address contained in said message (68) with said original object (12S);